The EU Commission is in the process of evaluating a controversial directive 2006/24/EC that requires all Member States to compel service providers to indiscriminately collect information on any phone call, text message, e-mail or Internet connection made in the EU (data retention). An early draft evaluation report was leaked in April.

The Romanian constitutional court found in 2009 that data retention per se breaches Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms (European Convention on Human Rights). The German Constitutional Courts also declared national implementing legislation to be unconstitutional earlier this year. In May, the Irish High Court decided to ask the European Court of Justice to rule whether EU communications data retention rules violate the EU Charter of Fundamental Rights.

In June 2010, more than 100 organisations from 23 European countries asked EU Commissioners Malmström, Reding and Kroes in a joint letter to „propose the repeal of the EU requirements regarding data retention in favour of a system of expedited preservation and targeted collection of traffic data“. This has led to various follow-up correspondence.

In July the Commission asked EU Member States to provide more information on whether communications logs stored under the 2006 directive

…have led to law enforcement results such as condemnations, acquittals, the closure or discontinuation of cases, or the prevention of crimes in particular. […]

Without this additional information it will be difficult for the Commission to adequately demonstrate that the Directive is useful and gives a clear security added value and that it strikes the right balance between real law enforcement interests, the costs that the market has to incur to provide the data and the sizeable impact that the retention of data has on the privacy of citizens.

This approach to evaluating the policy of „data retention“ was criticised in a letter of 3 September 2010, and in more detail in a letter to the Commission dated 6 October 2010 [emphasis and links added]:

Subject: Evaluation of the Data Retention Directive – data provided by Member States

Dear […],

in a letter to Member States regarding the current evaluation of directive 2006/24, the Commission has asked for statistics and examples of whether retained data have actually led to specific law enforcement results such as condemnations, acquittals, the closure or discontinuation of cases, or the prevention of crimes.

I welcome this step towards making the evaluation more conclusive. Yet I do not believe that the requested information is sufficient to judge the necessity of the directive.

First of all, the question relating to the „prevention of crime“ falls outside the scope of directive 2006/24 which the European Parliament has intentionally limited to the prosecution of crime. The necessity or proportionality of a measure cannot be demonstrated by referring to unintended side-effects, in my opinion.

Furthermore, I would like to draw your attention to the fact that the European Court of Human Rights, in its Marper judgement, criticised similar data provided by the UK government for not being conclusive: „Nor do they [Home Office statistics] demonstrate that the high number of successful matches with crime-scene stains was only made possible through indefinite retention of DNA records of all such persons. […] Yet such matches could have been made even in the absence of the present scheme […].“

So in addition to the information you have asked for in your letter to national governments, it is necessary to examine whether the reported results were only made possible through the blanket and indiscriminate retention of communications records of the entire population, or whether such results could have been achieved even in the absence of such a scheme. Where retained data have led to specific results, has the introduction of a blanket retention scheme led to an increase in the number of condemnations, acquittals, the closure or discontinuation of cases, or the prevention of crimes? Did States operating with targeted instruments achieve a similar number of condemnations, acquittals, the closure or discontinuation of cases, and the prevention of crimes as States operating with blanket retention? I suggest that you ask Member States these questions.

I my opinion there is no need for the EU to answer the necessity and proportionality question for all 27 Member States, for all 27 Parliaments, all 27 Constitutional Courts and all 500 mio. citizens in the same way. While some Member States – and in particular governments – may believe that blanket retention was necessary to prosecute crime,
other Member States (as well as most non-EU states) obviously have a different opinion. Directive 2006/24 already allows for so many different approaches to retention period, data types and data use that more harmonisation could be achieved by harmonising these parameters
and, at the same time, allowing Member States to decide for a targeted approach instead of blanket retention. For example, a choice of 0 or 6 months retention period would be more harmonised than the present choice of 6-24 months. In energy policy it is accepted that if Member States can demonstrate that they can achieve the policy goal through other means, they are free not to implement the measures suggested by the EU. Why should this approach not be adopted with regard to communications data retention?

I would like to recall that it is not the purpose of directive 2006/24 to facilitate the prosecution of crime, but to safeguard „the proper functioning of the internal market“ in light of „the various national rules adopted on the retention of data relating to electronic communications“ (ECJ, case C‑301/06). National rules on data retention may be harmonised, but it is not necessary to force Member States to adopt such rules that were not even in existence before. This approach actually leads to more varying national rules on data retention and thus to less harmonisation than achieved by directive 2002/58.

I hope that these comments will be useful to you when reviewing the information provided by governments, and when recommending changes to directive 2006/24/EC.

Best regards,
[…]
Working Group on Data Retention

In a letter to the Working Group dated 7 October 2010, EU Commissioner Cecilia Malmström wrote:

[...] I do not at this stage see any reason to envisage a differentiated application of the directive if the evaluation comes to the conclusion that the retention of data is necessary and proportionate.

On 25 November 2010, the European Commission is planning a major event on the Data Retention Directive (working title „Taking on the Data Retention Directive“). The opening session is to consist of five speeches. The keynote will be given by the Director General of DG Home Affairs, followed by four speakers – Peter Hustinx, Jörg Zierke from the German Federal Police Agency, possibly the CEO of Vodafone and EDRi. The Chairman of the Civil Liberties Committee has written a letter to the Commission asking for the event to be postponed to December 7 or 8 in order to allow MEPs to participate, because Parliament is in Strasbourg on 25 November.

The Commission intends to submit its evaluation report and recommendations to the European Parliament and the Council in late 2010.